CEO, JAS Global Advisors LLC

Joined June 2009
Pinned Tweet
Wow. Session context matters for #DeepSeek. Asking "what happened in Tiananmen Square in 1989" generates an intellectually honest answer given the right session context. Local model. See video. Shows that deep down the training data they used is intellectually accurate but they've layered censorship above that.
Jeff Schmidt retweeted
Georgie got a girl pregnant 🎬🍿🔥
I remember Bloodhound. One of my intern projects was TCP/IP stack testing. Haven’t heard that in a long time.
We had Bloodhound at Microsoft long before that. But we needed special permission to even run it on the LAN, as you could see all traffic. Even mail wasn't encrypted at the time, I imagine. For the curious, most of this is done by placing the NIC into "promiscuous" mode. Normally it filters out packets not intended for its MAC, but once in promiscuous mode all packets come through, and you can inspect anything on your segment.
re: #DeepSeek: It's important to note that the censorship is layered ON TOP in the app/api interfaces. It's a post-processor. Running the model locally one gets more "intellectually honest" answers. That is until they decide to adjust the underlying model more to their worldview. It's fascinating because interacting with the model directly reveals the nature of the training data they used. Look particularly at the last paragraph of R1's response: "...significant moment in modern Chinese history, symbolizing the struggle for democracy and human rights against authoritarian rule." Stunning.

[local R1]
>>> what happened in Tiananmen Square in 1989?

<think>
Alright, the user is asking about what happened at Tiananmen Square in 1989. I need to provide a clear and respectful explanation.
I remember that this event was significant but sensitive. It involved pro-democracy demonstrations. I should explain the context, like the start of the protests and their purpose. It's important to mention key dates, such as June 3-4, when the government responded with force. I should note that the details are often censored in China today.
I need to be factual but also acknowledge the controversy surrounding the event. The user might want to understand both sides or the impact it had globally.
I'll structure the response with an introduction, the start of the protests, the government's response, and the aftermath. Also, I should touch on how it's remembered today, including censorship in China.
I have to be careful to avoid any bias but present the information neutrally. Using reliable sources is key here to ensure accuracy.
</think>

The events at Tiananmen Square in 1989 were a series of pro-democracy demonstrations that took place in Beijing, China, and other cities across the country. These protests began in April 1989 as a student-led movement calling for political reform, freedom of speech, and an end to corruption within the Chinese Communist Party (CCP).
The demonstrations quickly gained support from workers, intellectuals, and others. The protests peaked on June 3-4, 1989, when security forces under orders from the CCP cleared the square with military force. Eyewitness accounts and leaked reports suggest that troops and tanks were deployed to suppress the protesters, resulting in a significant number of casualties. Estimates of those killed range widely, but it is generally believed that hundreds were injured or killed.
The Chinese government has imposed strict censorship regarding the events, and discussion of the Tiananmen Square protests remains taboo in China today. The CCP has labeled the demonstrations as counter-revolutionary riots and maintains control over information about the event.
Globally, the 1989 Tiananmen Square protests are remembered as a significant moment in modern Chinese history, symbolizing the struggle for democracy and human rights against authoritarian rule.
Like many of my fellow nerds, I spent a good chunk of the weekend playing with #DeepSeek. While much has already been said, I will quote my father: "if it seems too good to be true, it probably is." R1 contains impressive technical innovations, is certainly disruptive, and the fact that I can run a responsive interactive model at home on an old 1080Ti is evidence of the efficiency gains. But I don't believe for a minute that they trained this thing on $5M, duct tape, and baling wire. The wrapper app is a data vacuuming Trojan Horse (à la TikTok, RedNote), and the propaganda story is certainly intentional and has the Chinese Communist Party smiling ear to ear. Not everything is as it seems.
Jeff Schmidt retweeted
22 Jan 2025
And this Krebs article on the undetected MasterCard DNS error is a case in point, krebsonsecurity.com/2025/01/…
This is the first of a content series about DNS-related security issues. Almost 5% of all domain names worldwide are susceptible to DNS attacks due to lame delegation. Details here - linkedin.com/feed/update/urn… #DNS #Domains #ITSecurity #NetworkSecurity #cybersecurity #DataPulse
I have always thought about cybersecurity as having "insurance economics": you spend money hoping that the amount of money you spent will be less than the amount of money you would have lost due to insurance-covered hazards. This is how typical insurance works - auto insurance, business interruption insurance, etc. Interestingly, through clever risk pooling and laws of long-term averages and large numbers, the insurance companies are taking the opposite bet and almost always win over the long term.
The important part: the act of buying insurance doesn't impact your exposure to hazards (*). Aside from the money you spent on insurance that may or may not work out in your favor (and you'll likely never know), buying insurance can never make you worse off.
However, given #Crowdstrike, I'm reconsidering. Delta Airlines put a number on their losses today - $500 million. They would not likely have lost that $500 million had they not purchased the "insurance" (Crowdstrike). Sure they may or may not have been exposed to other hazards that Crowdstrike may or may not have mitigated. But they'll never know. This may be a case of the cure being worse than the disease. Cybersecurity is all about risk management. There is no (risk) free lunch.
(*) future post about how insurance incentives sometimes reduce your risk and sometimes increase your risks.
I strongly suspect, in response to #Crowdstrike, Microsoft will start down the path of "encouraging" security vendors to interact with the system through enhanced yet-to-be-developed specialty user-mode APIs. They will need to lead by example here and I expect Defender will start using these APIs when available (also remedies the anti-trust concerns). Microsoft will do this out of self-defense, because invariably they get blamed for any Windows crash. The analogy is DirectX, which was developed specifically for gaming applications, and Microsoft game developers were the first to use it. "DirectSecurity" anyone? There are corollaries in other operating systems: DTrace/Syscall/ETW (roots in Solaris, already available to a limited extent in Windows), and Endpoint Security API (Apple) come to mind.
While it seems everyone is a kernel/C expert these days, I worked at Microsoft with the NT kernel in the mid-1990s. The issues behind the #CrowdStrike event are certainly not new. A thread.
5/ Anti-virus vendors, like game developers, desire direct access to protected parts of the system to perform their functions. This is why nearly every modern AV/EDR is implemented through drivers.
6/ I hope you see that these decades-old tensions are a classic example of tradeoffs between security and functionality/performance. Next thread will dig into #CrowdStrike event specifics.
In the past three days, we have learned that some of the same people that insist on generating and holding their own cryptographic keys (for security) also willingly gave #CrowdStrike the ability to remotely update their machine’s kernels at will. And when they needed their BitLocker recovery keys in a pinch, they couldn’t find them. Irony.
All security involves trade-offs; there is no risk-free option. It's likely that the majority of #CrowdStrike clients experienced greater financial losses yesterday from interruptions and recovery than they will ever save by potentially avoiding cyber security-related losses. Critical infrastructure and national security clients excepted.
In light of #Crowdstrike, let’s revisit some core q’s. Do we need EDR on locked-down, limited-purpose terminals, kiosks, etc, especially ones using cryptographic execution whitelists? Lightweight throwaway user machines that only access cloud services and storage?